This Project uses various technologies for extracting Windows process handles data from a given context. Based on ClrMd, WCT, MiniDump and other Windows APIs at its core.
There is two possible sources : live process, dump file
For live process you'll need to pass the PID as the Command-Line parameter by this convention:
-live -p [PID]
If you want to use dump file as a source:
-dump -p [FILE]
Filtering Options:
-b, --Blocking Objects Get list of blocking objects. -s, --Stack Trace List threads and their stack frames -h, --Total handles Summary of handles and their types -t, --Threads list List of process threads -a, --All List all available data (-b, -s, -h, -t)
The result is printed to the console and to text files. Text files can be found in "./Logs" directory.
Used Technologies:
Live Process:
Managed threads: ClrMd + WinBase.h API (NtQueryObject)
Native Threads: WCT + WinBase.h API (NtQueryObject)
Supported OS:
Windows 10 (10.*), Windows 8 (6.3), Windows 8.1 (6.3)
Dump File:
Managed threads: ClrMd + WinBase.h API (NtQueryObject)
Native Threads: MiniDump + WinBase.h API (NtQueryObject)
Supported OS:
Windows 10 (10.*), Windows 8 (6.3), Windows 8.1 (6.3), Windows 7